3 matches found
CVE-2022-43438
CVE-2022-43438 concerns EasyTest (by HWA JIUH DIGITAL TECHNOLOGY LTD). The Administrator function exposes an Incorrect Authorization flaw that allows an authenticated general-user to bypass access controls and perform restricted API calls, potentially manipulating the system and terminating servi...
CVE-2022-43437
Vulnerability: EasyTest (HWA JIUH DIGITAL TECHNOLOGY LTD.) has a SQL injection in the Download function parameter due to insufficient input validation. Root cause: lack of validation enables a remote attacker with general user privileges to inject arbitrary SQL commands and access/modify/delete t...
CVE-2022-43436
CVE-2022-43436 affects the EasyTest File Upload feature. The root cause is insufficient filtering for special characters and file types in the upload handler, allowing a remote attacker authenticated as a general user to upload and execute arbitrary files. Documented impact includes manipulation ...